What’s the Problem?
When deploying on RHEL7 or Centos7, it is fairly common to see a warning like the following one (which I just got while installing Presto from Facebook):
WARNING: Current OS file descriptor limit is 4096. Presto recommends at least 8192.
There are a variety of these issues… but the basic problem is that your OS has set limits for things and sometimes we need to raise those limits depending on what we’re running (especially when we’re running large apps on large servers).
The ulimit being referred to here always ends up being extra hard to edit as you have to do it in multiple places and most blogs/posts don’t cover them all for some reason (having suffered through it multiple times now, I know that).
How Do We View the Limits?
In this warning, we see that the “OS File Descriptor” limit is 4096 currently. So, lets look at the current settings with the “ulimit -a” command:
$> ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 257564 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 4096 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
We can see in here that “max user processes” is 4096. We can also see another option, open files, is 1024.
So, let’s increase both of those (only the first is relevant to the warning though).
Increasing the Limits
Edit/etc/sysctl.conf and add:
fs.file-max = 65536
Edit /etc/security/limits.conf and add:
* soft nproc 65535 * hard nproc 65535 * soft nofile 65535 * hard nofile 65535
For some reason, the proc limit is also defined in a separate file located roughly at this path (the number can vary) – so please edit /etc/security/limits.d/20-nproc.conf and make the contents into the following:
* soft nproc 65535 * hard nproc 65535 * soft nofile 65535 * hard nofile 65535 root soft nproc unlimited
That last one is the one that most places miss.
Verifying the New Limits
Here’s the last tricky part… if you run “ulimit -a” again now, it won’t really look much better. So, re-log-in to your shell/server and then run it, and you’ll see the settings are now updated (yay!).
$> ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 257564 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 65535 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 65535 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
But What About SystemD and SystemCTL?
I felt victorious at this point, but alas, when I ran presto and haproxy they both spit out warnings and/or errors again for the same reason. What is this!?
It turns out I was running both in SystemD, and SystemD has its own way of managing these things. So, in that case, the final step is to go to your unit file in /etc/systemd/system/your-app.service and add the following inside the [Service] section (the … just implies there may be content above or below it, just add those two properties in the existing section).
[Service] ... LimitNPROC=65535 LimitNOFILE=65535 ...
After adding that you should do a “sudo systemctl daemon-reload” and “sudo systemctl restart your-app” to apply the settings.
And finally, everything is right with the world!
Coding Stream of Consciousness 